We use MFA for Exchange online and Office 365. The conditional access requests the user to MFA every 24h. When the user logins, lest say, at 10AM on Monday; then, at 10AM on Tuesday, he will get a MFA request/call on his phone. This works just fine if the user is in the computer. However, if at 10AM the user is not in the computer, and the computer is ON, he will still get the MFA request/call on his phone.
If the user does not accept the MFA, he/she will need to restart outlook, or office 365 when he returns to his computer, to get prompted again
This is training our users to accept an MFA, even though they have no knowledge of trying to login.
I wonder if there is a solution to this issue. I thought something like the user getting a prompt saying "We will now send a MFA request to your preferred method, do you approve?" and have an accept button or something like that before actually sending the request to the MFA device.
Do you guys know of anything that can help?